Authorizing a bios policy change for storage

ABSTRACT

Examples herein disclose receiving a basic input output system (BIOS) policy change and authorizing the BIOS policy change. Upon the authorization of the BIOS policy change, a first copy of the BIOS policy is stored in a first memory accessible by a central processing unit. Additionally, a second copy of the BIOS policy change is transmitted for storage in a second memory electrically isolated from the central processing unit.

BACKGROUND

A computing system can include code to perform various startup functionsof the computing device. This code may include Basic Input/Output System(BIOS) code. The BIOS code may initialize and test hardware of thecomputing, device. Additionally, the BIOS code may load bootstrap codeand/or an operating system from a memory device of the computing device.

BRIEF DESCRIPTION OF THE DRAWINGS

In the accompanying drawings, like numerals refer to like components orblocks. The following detailed description references the drawings,wherein:

FIG. 1 is a block diagram of an example system including anauthorization of basic input output system (BIOS) policy change andbased on the authorization, a first copy of the BIOS policy change isstored in a first memory accessible by a central processing unit and asecond copy is transmitted to a second memory isolated from the centralprocessing unit for storage;

FIG. 2 is a block diagram of example system including a centralprocessing unit to initiate an execution of BIOS, validate the BIOSthrough a comparison of a first value corresponding to a BIOS policy ina first memory and a second value corresponding to a BIOS policy in asecond memory;

FIG. 3 is a flowchart of an example method to receive a BIOS policychange for authorization and depending on the authorization of the BIOSpolicy change, the method stores a first copy of the BIOS policy changein a first memory and transmits a second copy of the BIOS policy changefor storage in a second memory;

FIG. 4 is a flowchart of an example method to initiate a boot sequenceof BIOS and validate a BIOS policy through a comparison of a first valueof a BIOS policy in a first memory and a second value of a BIOS policyin a second memory, upon a failure of the validation, the methodreplaces the BIOS policy in first memory with the backup copy from thesecond memory;

FIG. 5 is a flowchart of an example method for authorizing a BIOS policychange and storing a first copy in a first memory and encrypting asecond copy of the BIOS policy change prior to storage in a secondmemory, and

FIG. 6 is a block diagram of an example computing device with aprocessor to execute instructions in a machine-readable storage mediumlilt authorizing a BIOS policy change for storage in a first memory anda second memory and also validating a BIOS policy through a comparisonof values in the first memory and the second memory.

DETAILED DESCRIPTION

BIOS code may be executed to configure and test hardware within acomputing device. As such, the BIOS code may include a BIOS policy whichprovides a guideline for controlling a configuration of the BIOSsettings. The BIOS policies may include, by way of example, a boot orderof the BIOS code, hardware configurations, BIOS security mechanism, orother type BIOS control settings. A BIOS policy change is a modificationto at least one of these BIOS policies. These BIOS policies and/or BIOScode may be susceptible to attacks. As such, when the BIOS policy and/orcode becomes corrupt, there may be no backup of the configurationchanges in BIOS policies and/or code. Additionally, it may not befeasible to detect whether a change in the BIOS policy and/or code wasauthorized. Thus, this may lead to the computing device executing thecorrupt BIOS policy and/or corrupt code. Further, the BIOS policy and/orcode may be more susceptible to attacks if placed in a memory accessibleby a central processing unit. This may be because many of the attackersmay use the central processing unit to access the BIOS policy and/orcode.

To address these issues, examples disclosed herein identify a change toa BIOS policy and detects whether the change may be authorized prior tocommitting the change into a memory. The examples provide upon receivinga BIOS policy change, determining whether the BIOS policy change hasbeen authorized. If the BIOS policy change has been authorized, a copyof the BIOS policy change may be stored in a first memory accessible bya central processing unit (CPU). If it has been determined the BIOSpolicy change is unauthorized, the BIOS policy change is not committedto storage. Authorizing the BIOS policy change prior to committing tostorage prevents corrupt and/or unauthorized BIOS policy change(s) to beexecuted by the CPU.

Additionally upon the authorization, an additional copy of the BIOSpolicy change is transmitted for storage in a second memory electricallyisolated from the CPU. The first memory is considered more susceptibleto a potential attack as the first memory is accessible by the CPU whereattackers may try to target. Targeting the CPU, the attackers may gainaccess to the first memory; however, electrically isolating the secondmemory from the CPU protects the various BIOS policies and/or code hornpotential attacks. Additionally, protecting the BIOS policies and/or inthe second memory provides a mechanism to backup the various BIOSpolicies and/or code for preservation.

In another example discussed herein, the CPU initiates execution of theBIOS from the first memory and validates at least one of the BIOSpolicies in the first memory. The execution of the BIOS may occursimultaneously and/or upon determining whether the BIOS policy changehas been authorized. The validation may occur through a comparison of afirst value representing the BIOS policy in the first memory and asecond value representing the corresponding BIOS policy in the secondmemory. If the values are similar, the CPU may resume execution of theBIOS as this indicates the BIOS policy in the first memory has not beentampered with and is without corruption. If the values are dissimilar,the corresponding BIOS policy in the second memory serves as backup toreplace the BIOS policy in the first memory. This example enables theCPU to detect whether particular BIOS policies in the first memory havebeen tampered with and to proactively respond to the corrupt BIOSpolicies. This ensures the second memory remains a reliable source forobtaining the BIOS if the first memory may suffer any BIOS policycorruptions.

Thus, examples disclosed herein provide a secure mechanism forauthorizing a BIOS policy change prior to committing the change intostorage. Additionally, the examples provide a validation of a BIOSpolicy in a memory to detect whether the BIOS policy may be corrupt.

Referring now to the figures, FIG. 1 is a block diagram of an examplecomputing system including a central processing unit (CPU) 102 which mayaccess a first memory 104. The first memory 104 includes a BIOS 106consisting of various BIOS policies (BIOS Policy 1, BIOS Policy 2, BIOSPolicy N) 108. The CPU receives a BIOS policy change and may authorizethis BIOS policy change at module 112. If the BIOS policy change isauthorized, a first copy of the BIOS policy change 110 is placed in thefirst memory 104 and a second copy of the BIOS policy change 118 istransmitted to a controller 114 for storage in a second memory 116. Thefirst memory 104 is accessible by the CPU 102 for placing the first copyof the BIOS policy change in the memory 104. Additionally, the CPU 102may retrieve the BIOS 106 for execution. The second memory 116 providesa private storage in the sense the second memory 116 is electricallyisolated from the CPU 102. Electrically isolating the second memory 116from the CPU 102, protects the BIOS 106 and the various BIOS policies108 within the second memory 116.

Authorizing the BIOS policy change at module 112 prior to placing in thefirst memory 104 and the second memory 116, enables the CPU to preventunauthorized copies of the BIOS policy change from being stored inmemories 104 and 116. This provides a secure authentication mechanism ofthe BIOS 106 and the various BIOS policies 108. Implementations of theCPU 102 may include, by way of example, a processor, processing unit,host processor, microprocessor, semiconductor, integrated circuit, ofother type of electronic device capable of executing the BIOS 106 fromthe first memory 104.

The first memory 104 is a storage area within the computing device whichmaintains the BIOS 104 and as such, is accessible by the CPU 102.Implementations of the first memory 104 include, by way of example,read-only memory, flash memory, ferroelectric memory, ferroelectric RAM,magnetic storage memory, nanodrive, storage drive, memory component, orany combination of such memory components to maintain the BIOS 106.

The BIOS 106 includes, by way of example, BIOS code, BIOS data, andvarious BIOS policies 108. The BIOS 106 serves to initialize and testthe hardware components within the computing system. The BIOS 106 ismaintained in the first memory 104 and the second memory 116. In oneimplementation, the BIOS maintained in the second memory 116 serves abackup to the BIOS in the first memory 104 upon a detection ofcorruption and/or unauthorized changes to the various BIOS policies 108and/or code in the first memory 104.

The various BIOS policies 108 represent different BIOS policyconfigurations. These BIOS policies 108 provide a configuration of theBIOS settings. The BIOS policy change is a modification to at least oneof the various BIOS policies 108. In one implementation, the BIOS policychange may be a user-defined change. In this implementation, the BIOSpolicy change may be received by the CPU 102 locally or over a network.For example, the BIOS policy change may be generated locally by a userin which a prompt on a display of the computing device enables the userto select modification to particular BIOS policies. In another example,the BIOS policy change may be received over the network which mayinclude a request from an administrator from a remote location.

The first copy of the BIOS policy change 110 is placed in the firstmemory 104 upon the authorization of the BIOS policy change at module112. The first copy of the BIOS polity change 110 includes the BIOS codeand/or data which may be used by the CPU 102 for execution.

At module 112, the CPU may determine whether the BIOS policy change hasbeen authorized. The authorization mechanisms may include, by way ofexample: inputting a password; using credentials associated with the CPU102 and/or computing device; a cryptographic algorithm in which the BIOSpolicy change may be represented as a hash value and the computingdevice and/or CPU 102 may have a device specific decryption key todecrypt the hash value; and a key-hash authentication code (HMAC).Although FIG. 1 illustrates the first memory 104 as authorizing the BIOSpolicy change at module 112, this was done for illustration purposesrather than for limiting implementations. For example, the BIOS policychange may be authorized by different components within the computingsystem. In an example, the CPU 102 may authorize the BIOS policy changeupon receiving the BIOS policy change. In another example, thecontroller 114 may authorize the BIOS policy change. In a furtherexample, another component such as an I/O controller may authorize theBIOS policy change. Implementations of the module 112 include aninstruction, set of instructions, process, operation, logic, technique,function, firmware, and/or software executable by a computing device andcapable of determining whether the BIOS policy change is authorized.

The controller 114 is a hardware component which may receive the secondcopy of the BIOS policy change 118 upon the authorization of the BIOSpolicy change at module 112. The controller 114 is considered thehardware component with access to the second memory 116. As such, uponreceiving the second copy of the BIOS policy change 118, the controller114 stores the second copy 118 in the second memory 116. In oneimplementation, the controller 114 authorizes the BIOS policy change atmodule 112 rather than the CPU 102. In this implementation, thecontroller 114 operates as a gatekeeper of determining whether to storethe BIOS policy change in the second memory 116. Implementations of thecontroller 114 may include, by way of example, an embedded controller,microcontroller, semiconductor, electronic device, microchip, chipset,or other type of hardware component capable of access to the BIOS 106 inthe second memory 116.

The second memory 116 is a storage area within the computing systemwhich maintains the BIOS 106 and is electrically isolated from the CPU102. In this manner, the CPU 102 is without access to the second memory102. As such, for accessing and or storing the BIOS code and or policywithin the second memory 116, requests are passed through to thecontroller 114. In one implementation, if upon execution, the CPU 102detects one of the various BIOS policies 108 and/or BIOS code within thefirst memory 104 is corrupt, the corresponding various BIOS policy 108and/or MOS code within the second memory 116 is used to replace thecorrupt BIOS policy and/or BIOS code in the first memory 104. Thevarious BIOS policies 108 and/or BIOS code in the first memory 104corresponds to the various BIOS policies and/or BIOS code in the secondmemory 116 in the sense the policies and/or code may be similar oranalogous in function, purpose, and/or amount to the portion of the BIOS106. In this manner, the BIOS 106 maintained in the second memory 116serves as the backup BIOS to the BIOS 106 in the first memory 104. In afurther implementation, the CPU 102 may validate a specific BIOS policyin the first memory 104 through a comparison of a first valuerepresenting the specific BIOS in the first memory 104 and a secondrepresenting the corresponding BIOS policy in the second memory 116. Inthis implementation, if the CPU 102 invalidates the specific BIOS policyin the first memory 104, the corresponding BIOS policy from the secondmemory 116 is used to replace the specific BIOS policy in the firstmemory 104. This implementation is discussed in detail in a laterfigure. Implementations of the second memory 116 include, by way ofexample, read-only memory, flash memory, ferroelectric memory,ferroelectric RAM, magnetic storage memory, nanodrive storage drive,memory component, or any combination of such memory components tomaintain the BIOS 106.

The second copy of the BIOS policy change 118 is transmitted to thecontroller 114 upon the authorization of the BIOS policy change atmodule 112. The second copy of the BIOS policy change 118 includes theBIOS code and/or data corresponding to the BIOS policy change receivedby the CPU 102. Although FIG. 1 illustrates two copies of the BIOSpolicy change 110 and 118, this was done for illustration purposes asthere may be three copies, four copies, etc.

FIG. 2 is a block diagram of an example computing system including acentral processing unit (CPU) 202 to initiate an execution of a BIOS 206in first memory 204 at module 218. When executing the BIOS 206 at module218, the CPU 202 validates a BIOS policy 208 module 220. The CPU 202validates the BIOS policy 208 at module 220 by comparing a first value210 corresponding to the BIOS policy 208 in the first memory 204 and asecond value. 224 corresponding to the BIOS policy 208 in a secondmemory 216. If the validation fails or is invalidated at module 222, thecorresponding BIOS policy 208 in the second memory 216 is retrieved bythe controller 214 to replace the invalidated BIOS policy 208 in thefirst memory 204. The first value 210 and the second value 224 arevalues which represent the BIOS policy 208 within the first memory 204and the BIOS policy 208 within the second memory 216, respectively. Assuch, the first value 210 and the second value 224 may include, by wayof example, a hash value, checksum, hash code, or other type of valuerepresentative of the respective BIOS policies 208. Using values torepresent the BIOS policies 208 in the first and the second memory 204216, reduces an amount of data being sent between the controller 214 andthe CPU 202 as the value(s) are calculated for each of the BIOS policies208 for representation purposes. The CPU 202 and the first memory 204may be similar in structure and functionality to the CPU 102 and thefirst memory 104 as in FIG. 1. The BIOS 206 and the BIOS policy 208 maybe similar in functionality to the BIOS 106 and the various BIOSpolicies 108 as in FIG. 1. Additionally, although FIG. 2 illustrates thesingle BIOS policy 208 in the first memory 204 and the second memory 216this was done for illustration purposes as there may be multiple BIOSpolicies as in FIG. 1. Further, the controller 214 and the second memory216 may be similar in structure and functionality to the controller 114and the second memory 116 as in FIG. 1.

At module 218, the CPU 202 retrieves the BIOS 206 for initiating theexecution of the BIOS. At module 218, the CPU 202 loads bootstrap dataof the BIOS 206 to initiate the execution. In one implementation, theBIOS 206 may include a BIOS policy change as in FIG. 1 as part of theBIOS 206 in both the first memory 204 and the second memory 216.Implementations of module 218 include, by way of example, aninstruction, set of instructions, process, operation, logic, technique,function, firmware, and/or software executable by the CPU 202 forexecuting the BIOS 206 from the first memory 204.

At module 220 upon executing the BIOS 206, the CPU 202 validates theBIOS policy 208. The CPU 202 retrieves the BIOS 206 from the firstmemory 204 including the BIOS policy 208 from the first memory 204. Inone implementation of module 220, the CPU 202 may proceed to module 222to compare the first value 210 and the second value 224 to validate orinvalidate the BIOS policy 208 in the first memory 204. Implementationsof module 220 include, by way of example, an instruction, set ofinstructions, process, operation, logic, technique, function, firmware,and/or software executable by the CPU 202 for validating the BIOS policy208 from the first memory 204.

At module 222, the CPU 202 validates the BIOS policy 208 by comparingthe first value 210 representing the BIOS policy 208 in the first memory204 and the second value 224 representing the corresponding BIOS policy208 in the second memory. In one implementation of module 222, the CPU202 calculates the value representing the first value 210, such as thefirst hash value. In another implementation of module 222, the firstvalue 210 may include a checksum value for checking the integrity of theBIOS policy 208 in the first memory 204.

To obtain the second value 224 at module 222, the CPU 202 may transmit arequest to the controller 214 to retrieve the second value 224 and/orthe corresponding BIOS policy 208 from the second memory 216. In anotherimplementation, the CPU 202 obtains the corresponding BIOS policy 208from the second memory 216 and calculates the value representing thesecond value 224. If the values mismatch at module 222, this indicatestampering with a copy of the BIOS policy 208 in the first memory 204.Accordingly, the corresponding BIOS policy 208 is recovered from thesecond memory 216 and used to replace the corrupt BIOS policy 208 in thefirst memory 204. If the values match or are similar at module 222, theCPU 202 may resume execution of the BIOS 206 from the first memory 204.If the values are similar at module 222, this indicates the BIOS policy208 in the first memory 204 has not been tampered with and thus iswithout corruption. Implementations of module 222 include, by way ofexample, an instruction, set of instructions, process, operation, logic,technique, function, firmware, and/or software executable by the CPU 202for comparing the values 210 and 224.

The first value 210 is a representation of the value corresponding tothe BIOS policy 208 in the first memory 204. The first value 210 is usedto map the data in the BIOS pokey 208, with differences in the variousBIOS policies produces different values. Thus the first value 210 andthe second value 224 are used to differentiate between the BIOS policies208 in the first memory 204 and the second memory 216, respectively. Asexplained earlier, upon retrieving the data of the BIOS policy 208 fromthe first memory 204, the CPU 202 calculate the first value 210 from thefirst memory 204 for validation of the BIOS policy 208 in the firstmemory 204. Implementations of the first value 210 include, by way ofexample hash value, hash code, hash sum, checksum, hash, or other typeof value representing the BIOS policy 208 in the first memory 204.

The second value 224 is a representation of the value corresponding tothe data in the BIOS policy 208 within the second memory 216. The CPU202 may obtain the second value 224 as through the controller 214 and/orby obtaining the corresponding BIOS policy 208 and then calculating thesecond value 224. Implementations of the second value 2224 include, byway of example, hash value, hash code, hash sum, hash, checksum, orother type of value representing the BIOS policy 208 in the secondmemory 216.

FIG. 3 is a flowchart, executable by a computing device, for receiving aBIOS policy change and authorizing the BIOS policy change. Depending onwhether the authorization of the BIOS policy change is successful, thecomputing device may proceed to store a first copy of the BIOS policychange, in a first memory accessible by a central processing unit (CPU).Additionally, if the authorization of the BIOS policy change issuccessful, the computing device may transmit a second copy of the BIOSpolicy for storage at a second memory which is electrically isolatedfrom the CPU. If the authorization of the BIOS policy change fails, thecomputing device does not store the BIOS policy change in the firstmemory or the second memory. In discussing FIG. 3, references may bemade to the components in FIGS. 1-2 to provide contextual examples. Forexample, the CPU 102 as in FIG. 1 executes operations 302-312 toauthorize the bios policy change, store the first copy of the BIOSpolicy change, and transmit the second copy of the BIOS policy changefor storage. In another example, a computing device executes operations302-312. Further, although FIG. 3 is described as implemented by thecentral processing unit, it may be executed on other suitablecomponents. For example, FIG. 3 may be implemented in the form ofexecutable instructions on a machine-readable storage medium 604 as inFIG. 6.

At operation 302, the CPU may receive the BIOS policy change. The BIOSpolicy change, by way of example, may be received by the CPU locally ormay be received over a network. For example, the BIOS policy change maybe generated locally by a user in which a prompt on a display of thecomputing device enables the user to select modification to particularBIOS policies. In another example, the BIOS policy change may bereceived over the network which may include a request from anadministrator from a remote location. In one implementation uponreceiving the BIOS policy change, the CPU may categorize the changeaccording to whether the change is critical and sensitive or may involvenon-sensitive operation policies. In this implementation, the CPU mayanalyze the BMS code as part of the BIOS policy change. The critical andsensitive type of BIOS policy change may include those changes involvingsecurity and other such operational changes in the BIOS which iscritical to the functioning and operation of the BIOS. For example, acritical type of BIOS policy change may involve the BIOS policy secureboot. The non-sensitive type of operation BIOS policy change may involvethe type of operations in which the BIOS remains operational. Forexample, this may include ownership and/or display string of data whichmay appear upon the execution of the BIOS. If the CPU determines theBIOS policy change involves a critical and sensitive operation, the CPUmay then proceed to operation 304 to determine whether the BIOS policychange is authorized. If the CPU determines the BIOS policy changeinvolves a non-critical and non-sensitive type of BIOS policy, the CPUmay commit the change to the first memory but does not commit the changeto the second memory. This ensures that the BIOS policy changes arecommitted to the second memory upon the authorization.

At operation 304, the CPU may determine whether the BIOS policy changereceived at operation 302 may be authorized. The mechanisms forauthorizing the BIOS policy change may include, by way of example: aphysical presence of a user in which a prompt on a screen may elicituser input to ensure the change is requested; inputting a password;using credentials associated with the CPU and/or computing device; acryptographic algorithm in which the BIOS policy change may berepresented as a hash value and the computing device and/or CPU may havea device specific decryption key to decrypt the hash value; and akey-hash authentication code (HMAC). If the CPU determines the BIOSpolicy change has not been authorized (i.e., unauthorized), the CPU mayproceed to operations 306-308. Upon determining the BIOS policy changeis authorized, the CPU may proceed to operations 310-312 to store a copyof the BIOS policy change in the first memory and transmit an additionalcopy of the BIOS policy change to a controller which may place theadditional copy, in the second memory.

At operation 306, upon determining the BIOS policy change isunauthorized at operation 304, the CPU does not store the BIOS policychange in the first memory. Not allowing the unauthorized BIOS policychange for storage controls which BIOS policy changes may be stored.This provides security in the sense that the CPU selects which BIOSpolicies and/or code may be stored in the first memory.

At operation 308, upon determine the BIOS policy change is unauthorizedat operation 304, the CPU does not transmit the BIOS policy change farstorage in the second memory. The second memory is isolated from theCPU, which provides additional security to the BIOS policies and/or codewhich is stored in the second memory.

At operation 310, upon determining the BIOS policy change is authorizedat operation 304, the CPU may produce the first copy of the BIOS policychange for storage at the first memory. The CPU may generate two or morecopies of the BIOS policy change for storage in the first memory and thesecond memory, respectively. The CPU may have access to the firstmemory, unlike the second memory, thus the CPU may directly access thefirst memory for storing the authorized BIOS policy change. In anotherimplementation, the CPU may calculate a value representative of theauthorized BIOS policy change in the first memory. This allows the CPUto check the integrity of the BIOS policy and/or code when executing theBIOS from the first memory. This implementation may be discussed in alater figure.

At operation 312, the CPU transmits an additional copy (i.e., the secondcopy) of the BIOS policy change to the second memory to a controller.The controller, by way of example, may include an embedded controllerwhich has access to the second memory. Thus as explained earlier, sincethe second memory is electrically isolated from the CPU, the CPUtransmits to the embedded controller what should be stored.

FIG. 4 is a flowchart, executable by a computing device, for initiatinga boot sequence of BIOS and validating a BIOS policy through acomparison of a first value and a second value. The first value is arepresentation corresponding to a BIOS policy in a first memory and thesecond value is a representation corresponding, to a BIOS policy in thesecond memory. The computing device compares these values to determinewhether the BIOS policy in the first memory may be corrupt. This enablesthe computing device to detect an unauthorized and or invalidated BIOSpolicy within the first memory. In this implementation, the computingdevice compares the first value and the second value for determiningwhether the BIOS policy in the first memory is valid. If the validationis successful, the computing device may proceed to continue execution ofthe boot sequence of the BIOS. If the validation fails, the computingdevice obtains a copy of a backup BIOS policy limn the second memory andreplaces the BIOS policy in the first memory with the backup copy of theBIOS policy in the second memory. The second memory serves as the securememory to override particular MOS policies and/or code in the firstmemory. In this manner, the second memory serves as a private memory inthe sense the second memory is electrically isolated from a centralprocessing unit (CPU) of the system. As such, this provides protectionin the second memory against tampering of the BIOS policy. In discussingFIG. 4, references may be made to the components in FIGS. 1-2 to providecontextual examples. For example, the central processing unit 102executes operations 402-416 to validate the BIOS policy through thecomparison of the first value corresponding to the BIOS policy in thefirst memory and a second value corresponding to the BIOS policy in thesecond memory. In another example, a computing device executesoperations 402-416. Further, although FIG. 4 is described as implementedby the central processing unit, it may be executed on other suitablecomponents. For example, FIG. 4 may be implemented in the form ofexecutable instructions on a machine-readable storage medium 604 as inFIG. 6.

At operation 402, the CPU authorizes a received BIOS policy change. Ifthe authorization of the BIOS policy change is successful, the CPU mayproceed to operation 404. If the authorization fails, the CPU does notstore a copy of the BIOS policy change in the first memory or secondmemory. In one implementation, the CPU may initiate the execution of theBIOS code prior to receiving and authorizing the BIOS policy change atoperations 402-404. Operation 402 may be similar in functionality tooperation 304 as in FIG. 3.

At operation 404, the CPU produces at least two copies of the authorizedBIOS policy change. The first copy is stored in the first memory whichis accessible by the CPU and the second copy is transmitted to acontroller. The controller may place the second copy of the BIOS policychange in the second memory, not accessible to the CPU. In oneimplementation, the second copy is encrypted prior to storage in thesecond memory. This implementation is discussed in detail in a laterfigure. Operation 404 may be similar in functionality to operations 310and 312 as in FIG. 3.

At operation 406, the CPU initiates the boot sequence of the BIOS. TheCPU has access to the first memory and may retrieve the BIOS code fromthe first memory for execution. Prior to executing each BIOS policyand/or BIOS code, the CPU may perform a check for validating whetherthat particular BIOS policy and or BIOS code has been tampered with atthe first memory. In this manner, the CPU verifies the integrity of theparticular BIOS policy and/or code.

At operation 408, the CPU compares the first value corresponding to theBIOS policy in the first memory and the second value corresponding tothe BIOS policy in the second memory. Additionally at operation 408, toobtain the first value, the CPU may compute the first value representingthe BIOS policy in the first memory. Further, the second value may bestored with the corresponding BIOS policy in the second memory or thesecond value may be calculated by the CPU. As such, at operation 408,the CPU may request this value from the controller or the CPU mayrequest the corresponding BIOS policy for calculating the second value.As explained earlier, the first value and the second value arerepresentations of the BIOS policy stored in the first memory and thesecond memory, respectively. As such, these values may include, by wayof example, a hash value, hash code, hash sum, checksum, etc. The secondvalue is the value representative of the corresponding BIOS policystored in the second memory. The second value provides a controlmechanism in which to analyze the first value against. The second valuemay be stored with the corresponding BIOS policy in the second memory.In this example, since the second memory is electrically isolated fromthe CPU, the CPU requests the second value from the controller which mayaccess the second memory. If the values are similar, then the validationis considered successful and the BIOS policy in the first memory isconsidered to be without tampering or corruption. If the values aredissimilar, this indicates the BIOS policy in the first memory hasundergone an unauthorized change and as such may be corrupt. Forexample, if the values mismatch this indicates tampering with the BIOSpolicy in the first memory. Comparing the values for validation atoperation 410 enables the CPU to measure or check the integrity of theBIOS policies and/or code at the first memory.

At operation 410, depending on the outcome of the comparison of bothvalues, the BIOS policy in the first memory may be considered validated.If the values are similar, this indicates the validation of the BIOSpolicy is successful while if the values mismatch may indicate thefailure of the validation. In this manner, the CPU may detect anunauthorized intrusion or change of the BIOS policy in the first memory.If the validation of the BIOS policy fails (i.e., unsuccessful), the CPUmay request the backup of the BIOS policy from the controller withaccess to the second memory. The CPU may use this backup BIOS policy toreplace the corrupt BIOS policy in the first memory as at operations412-414. If the BIOS policy is validated, this indicates the BIOS policyin the first memory has not been attacked and may be a trustworthy BIOSpolicy for execution by the CPU. If the validation of the BIOS policy issuccessful, the CPU may proceed to operation 416.

At operation 412, the CPU recovers the backup BIOS policy from thesecond memory for replacing the BIOS policy in the first memory. Atoperation 412, the CPU requests a copy of the backup BIOS policy. Uponreceiving the backup copy of the BIOS policy, the CPU replaces the BIOSpolicy in the first memory that failed validation with the backup copyof the BIOS policy.

At operation 414, the CPU replaces the BIOS policy in the first memorywith the backup copy of the BIOS policy obtained at operation 412.Detecting the corrupt BIOS policy from the first memory upon the failureof the validation, the backup BIOS policy may override the corrupt BIOSpolicy so the CPU may execute uncorrupt BIOS policies and/or code fromthe first memory.

At operation 416, upon the successful validation of the BIOS policy atoperation 410, the CPU continues with the initiation of the bootsequence of the BIOS from the first memory. In another implementation,the CPU may hold off on the execution of the BIOS until receiving thesuccessful validation. The CPU may then resume execution of the BIOSfrom the first memory.

FIG. 5 is a flowchart, executable by a computing device, for authorizinga BIOS policy change and storing a first copy of the BIOS policy changein a first memory accessible by a central processing unit (CPU). Asecond copy of the BIOS policy change may also be encrypted prior tostorage in a second memory electrically isolated from the CPU.Encrypting the second copy of the BIOS policy change prior to storage inthe second memory provides an additional security mechanism to preventcorruption of the second copy of the BIOS policy change. This ensuresthe second memory remains a reliable source for obtaining the BIOS ifthe first memory may suffer any BIOS policy corruptions. In discussingFIG. 5, references may be made to the components in FIGS. 1-2 to providecontextual examples. For example, the central processing unit 102executes operations 502-516 to authorize the bios policy change andencrypt the second copy of the BIOS policy change prior to storage inthe second memory. In another example, a computing device executesoperations 502-516. Further, although FIG. 5 is described as implementedby the CPU, it may be executed on other suitable components. Forexample, FIG. 5 may be implemented in the form of executableinstructions on a machine-readable storage medium 604 as in FIG. 6.

At operation 502, the CPU receives the BIOS policy change. In oneimplementation, the computing device associated with the CPU may includea user interface in which a user may input the BIOS policy change. Inanother implementation, the BIOS policy change may be received as aremote request from over a network. In this implementation, anadministrator may request to the BIOS policy change from a remotelocation. Operation 502 may be similar in functionality to operation 302as in FIG. 3.

At operation 504, the CPU authorizes the BIOS policy change. Themechanisms for authorizing the BIOS policy change may include, by way ofexample: manually through a physical presence in which a prompt on ascreen may elicit user input to ensure the change is requested;inputting a password; using credentials associated with the CPU and/orcomputing device; a cryptographic algorithm in which the BIOS policychange may be represented as a hash value and the computing deviceand/or CPU may have a device specific decryption key to decrypt the hashvalue; and a key-hash authentication code (HMAC). If the authorizationof the BIOS policy change is unsuccessful (i.e., fails), then the CPUproceeds to operations 506-508 and does not store the BIOS policy changein the first memory or the second memory. If the authorization isunsuccessful, this may indicate an unauthorized BIOS policy change andas such may be considered corrupt. Thus, implementing the authorizationof the BIOS policy change prevents unauthorized policy changes frombeing stored in the memories. If the authorization of the BIOS policychange is successful, the CPU may proceed to operation 510 and storesthe first copy of the BIOS policy change in the first memory.Additionally, upon the authorization of the BIOS policy change, the CPUmay produce the first copy and the second copy of the BIOS policy changefor storage in the first and second memories, respectively. Operation504 may be similar in functionality to operations 304 and 402 as inFIGS. 3-4.

At operation 506, upon the failure of authorization of the BIOS policychange, the CPU does not store the BIOS policy change in the firstmemory. This ensures the BIOS policy change is stored when authorizedand thus provides a way of controlling which BIOS policy changes may bestored. Operation 506 may be similar in functionality to operation 306as in FIG. 3.

At operation 508, upon the failure of the authorization of the BIOSpolicy change, the CPU does not store the BIOS policy change in thesecond memory. The second memory is considered isolated from the CPU andas such, provides a level of protection by isolating this memory andBIOS policies and/or codes. Operation 508 may be similar infunctionality to operation 308 as in FIG. 3.

At operation 510, upon the authorization of the BIOS policy change, theCPU may transmit the first copy of the BIOS policy change for storage inthe first memory. In one implementation, an I/O controller may receivethe first copy of the BIOS policy change and place into the firstmemory. The CPU may access the first memory to retrieve a copy of theBIOS from the first memory for potential execution. Upon placing thefirst copy of the BIOS policy change in the first memory, the CPU mayproceed to operations 512-514 to transmit an encrypted copy of the BIOSpolicy change for storage at the second memory. Operation 510 may besimilar in functionality to operations 310 and 404 as in FIGS. 3-4.

At operation 512, the CPU may encrypt the second copy of the BIOS policychange prior to transmitting to the controller with access to the secondmemory. In another implementation, the CPU may transmit the second copyof the BIOS policy change and the controller may encrypt the second copyof the BIOS policy change prior to placing the second copy into thesecond memory. Encrypting the copy of the BIOS policy change provides anadditional level of security to the second memory to prevent tamperingto the BIOS policies.

At operation 514, the CPU may transmit the second copy of the BIOSpolicy change to a controller which has access to the second memory.Prior to placing in the second memory, the second copy of the BIOSpolicy change is encrypted. The second memory is electrically isolatedfrom the CPU, so the CPU transmits the second copy to a component whichmay have access to the second memory. In this implementation, acontroller may receive the second copy from the CPU and encrypt thesecond copy prior to placing in the second memory. The second memoryserves as a backup of BIOS code and/or policies in case the first memoryexperiences an attack and/or tampering. Operation 514 may be similar infunctionality to operations 312 and 404 as in FIGS. 3-4.

At operation 516, the CPU may initiate execution of the BIOS code and/orpolicies from the first memory. In implementations, the CPU may executethe BIOS code prior to receiving the BIOS policy change. In theseimplementations, the CPU may simultaneous execute operations 502-516while also executing the BIOS code. In other implementations, the CPUmay receive the BIOS policy change and authorize the change prior toinitiating the execution of the BIOS from the first memory asillustrated in FIG. 4. Operation 516 may be similar in functionality tooperation 408 as in FIG. 4.

FIG. 6 is a block diagram of a computing device 600 with a processor 602to execute instructions 606-628 with a machine-readable storage medium604. Specifically, the computing device 600 with the processor 602 is toexecute instructions 606-628 for authorizing a BIOS policy change andupon the authorization, store a first copy of the BIOS policy change ina first memory accessible by the processor 602 and transmit a secondcopy of the BIOS policy change for storage in a second memory isolatedfrom the processor 602. The processor 602 may also execute instructions606-628 for initiating an execution of BIOS and validating a BIOS policythrough a comparison of a first value corresponding to the BIOS policyin the first memory and a second value corresponding to the BIOS policyin the second memory. If the validation is successful, the instructionsinclude resuming the execution of the BIOS. If the validation fails,this may indicate the BIOS policy in the first memory is corrupt, thusthe instructions may use a backup copy of the BIOS policy in the secondmemory to replace the BIOS policy in the first memory.

Although the computing device 600 includes processor 602 andmachine-readable storage medium 604, it may also include othercomponents that would be suitable to one skilled in the art. Forexample, the computing device 600 may include the first memory 104and/or the second memory 116 as in FIG. 1. The computing device 600 isan electronic device with the processor 602 capable of executinginstructions 606-628, and as such embodiments of the computing device600 include a computing device, mobile device, client device, personalcomputer, desktop computer, laptop, tablet, video game console, or othertype of electronic device capable of executing instructions 606-628. Theinstructions 606-628 may be implemented as methods, functions,operations, and other processes implemented as machine-readableinstructions stored on the storage medium 604, which may benon-transitory, such as hardware storage devices (e.g., random accessmemory (RAM), read only memory (ROM), erasable programmable ROM,electrically erasable ROM, hard drives, and flash memory).

The processor 602 may fetch, decode, and execute instructions 606-628for authorizing the BIOS policy change and validating a BIOS policy in afirst memory. In one implementation, the processor 602 executes theinstructions 606-614 for authorizing the BIOS policy change. In anotherimplementation, the processor 602 executes the instructions 616-628prior, simultaneously, or upon executing instructions 606-414 forinitiating an execution of BIOS and validation of a BIOS policy.Specifically, the processor 602 executes instructions 606-614 to:receive the BIOS policy change locally from the computing device 600 orfrom a remote request across a network; authorize the received BIOSpolicy change through a security mechanism such as a prompt on a screenon the computing device 600, a password, credentials, a keyed-hashmessage authentication code (HMAC), etc.; and upon authorization of theBIOS policy change, store a first copy of the BIOS policy change in thefirst memory and transmit a second copy of the BIOS policy change forstorage in the second memory. The processor 602 may execute instructions616-628 to: initiate execution of BIOS; validate a BIOS policy byobtaining a first value corresponding to a BIOS policy in the firstmemory and obtaining a second value corresponding to a BIOS policy inthe second memory; compare the first value and the second values, if thevalues are similar indicates a successful validation and resumesexecution of the BIOS, if the values are dissimilar indicates a corruptsBIOS policy in the first memory and fails the validation instruction; ifthe BIOS policy fails validation, obtain a backup BIOS policy from thesecond memory and replace the BIOS policy in the first memory with thebackup BIOS policy from the second memory.

The machine-readable storage medium 604 includes instructions 606-628for the processor 602 to fetch, decode, and execute. In anotherembodiment, the machine-readable storage medium 604 may be anelectronic, magnetic, optical, memory, storage, flash-drive, or otherphysical device that contains or stores executable instructions. Thus,the machine-readable storage medium 604 may include, for example, RandomAccess Memory (RAM), an Electrically Erasable Programmable Read-OnlyMemory (EEPROM), a storage drive, a memory cache, network storage, aCompact Disc Read Only Memory (CDROM) and the like. As such, themachine-readable storage medium 604 may include an application and/orfirmware which can be utilized independently and/or in conjunction withthe processor 602 to fetch, decode, and/or execute instructions of themachine-readable storage medium 604. The application and/or firmware maybe stored on the machine-readable storage medium 604 and/or stored onanother location of the computing device 600.

Thus, examples disclosed herein provide a secure mechanism forauthorizing a BIOS policy change prior to committing the change intostorage. Additionally, the examples provide a validation of a BIOSpolicy in a memory to detect whether the BIOS policy may be corrupt.

We claim:
 1. A method executable by a computing device, the methodcomprising: receiving a basic input output system (BIOS) policy change;authorizing the BIOS policy change; and upon the authorization of theBIOS policy change, storing a first copy of the BIOS policy change in afirst memory accessible by a central processing unit and transmitting asecond copy of the BIOS policy change for storage in a second memoryelectrically isolated from the central processing unit; wherein the BIOSpolicies comprises at least one of a boot order of the BIOS, hardwareconfigurations, and a BIOS security mechanism, and wherein the BIOSpolicy change is a modification to the at least one of a boot order ofthe BIOS, hardware configurations, and a BIOS security mechanism.
 2. Themethod of claim 1, wherein transmitting the second copy of the BIOSpolicy change for storage in the second memory electrically isolatedfrom the central processing unit comprises: encrypting the second copyof the BIOS policy change prior to storage in the second memory; andstoring the encrypted second copy of the BIOS policy change in thesecond memory.
 3. The method of claim 1, comprising: initiating a bootsequence of the BIOS; and validating a BIOS policy through a comparisonof a first value corresponding to the BIOS policy in the first memoryand a second value corresponding to the BIOS policy in the secondmemory.
 4. The method of claim 3, wherein when the first value and thesecond value are dissimilar, the dissimilarity indicates a failure ofthe validation of the BIOS policy in the first memory, the methodcomprises: obtaining a backup of the BIOS policy from the second memory;and replacing the BIOS policy in the first memory with the backup of theBIOS policy from the second memory.
 5. The method of claim 1, whereinwhen the BIOS policy change fails the authorization, the BIOS policychange is not stored in the first memory or the second memory.
 6. Themethod of claim 1, wherein the second memory serves as a backup of theBIOS to the first memory.
 7. The method of claim 1, wherein when thefirst value and the second value are similar, the similarity indicates asuccess of the validation of the BIOS policy in the first memory, themethod comprises: continuing with a boot sequence of the BIOS.
 8. Anon-transitory computer-readable storage medium comprising instructionsthat when executed by a processor cause a computing device to: initiateexecution of a boot sequence for a basic input output system (BIOS);validate a BIOS policy in a first memory accessible by the processor;and when the validation the BIOS policy fails, obtain a backup of theBIOS policy from a second memory electrically isolated from theprocessor for restoring the BIOS policy in the first memory with thebackup of the BIOS policy from the second memory, wherein the BIOSpolicies comprises at least one of a boot order of the BIOS, hardwareconfigurations, and a BIOS security mechanism.
 9. The non-transitorycomputer-readable storage medium including the instructions of claim 8,wherein upon the validation of the BIOS policy in the first memoryincludes instructions that when executed by the processor cause thecomputing device to: continue the execution of the BIOS.
 10. Thenon-transitory computer-readable storage medium including theinstructions of claim 8, wherein the validation of the BIOS policy inthe first memory includes instructions that when executed by theprocessor cause the computing device to: obtain a first valuecorresponding to the BIOS policy in the first memory accessible by theprocessor; obtain a second value corresponding to the backup BIOS policyin the second memory electrically isolated by the processor; and comparethe first value and the second value for the validation of the BIOSpolicy in the first memory, wherein the first value and the second valuebeing dissimilar indicates a failure of the validation the BIOS policyin the first memory.
 11. The non-transitory computer-readable storagemedium including the instructions of claim 8, and including instructionsthat when executed by the processor causes the computing device to:receive a BIOS policy change corresponding to a BIOS policy; authorizethe BIOS policy change; upon the authorization of the BIOS policychange, store a first copy of the BIOS policy change in the first memoryaccessible by the processor; and transmit a second copy of the BIOSpolicy change for storage in the second memory electrically isolatedfrom the processor, wherein the BIOS policy change is a modification tothe at least one of a boot order of the BIOS, hardware configurations,and a BIOS security mechanism.
 12. A system comprising: a centralprocessing unit to execute a boot sequence of a basic input outputsystem (BIOS) stored in a first memory for authorization of a BIOSpolicy change; the first memory accessible by the central processingunit to store a first copy of the BIOS policy change upon authorizationof the BIOS policy change; and a second memory electrically isolatedfrom the central processing unit to store a second copy of the BIOSpolicy change upon authorization of the BIOS policy change, wherein theBIOS policies comprises at least one of a boot order of the BIOS,hardware configurations, and a BIOS security mechanism, and wherein theBIOS policy change is a modification to the at least one of a boot orderof the BIOS, hardware configurations, and a BIOS security mechanism. 13.The system of claim 12, comprising: a controller to: receive the secondcopy of the BIOS policy change; and store the second copy of the BIOSpolicy change to the second memory, wherein the second memory isaccessible by the controller.
 14. The system of claim 12, wherein: thecentral processing unit is to: upon the execution of the boot sequenceof the BIOS, validate a BIOS policy corresponding to the BIOS policychange at the first memory; upon the validation of the BIOS policy,continue the execution of the boot sequence of the BIOS, wherein thesecond memory serves as a backup BIOS policy to an invalidated BIOSpolicy.
 15. The system of claim 14, wherein for the validation of theBIOS policy corresponding to the BIOS policy change in the first memory,the central processing unit is to: obtain a first value corresponding tothe BIOS policy in the first memory; obtain a second value correspondingto the BIOS policy in the second memory; and compare the first value andthe second value for validation of the BIOS policy, wherein the firstvalue and the second value arc being dissimilar indicates a failure ofthe BIOS policy.
 16. The system of claim 12, wherein the centralprocessing unit is to: encrypt the second copy of the BIOS policy changeupon authorization; and store the encrypted second copy of the BIOSpolicy change in the second memory.